rubocop-airbnb 6.0.0 → 7.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: badf32420d149c7d0f156905b025e12753c8d2138feca349ce157dd8f52acbb3
-  data.tar.gz: 7da82ffbd161c9e168091daeb0c9c0571c7a72eb33b635646f68ddeacf10a2e4
+  metadata.gz: ccce4935f81b65b3ebbdcdf3f5d4b8ab5638185d94f6df4f26cb02bbb8055916
+  data.tar.gz: e9b7b767b4443f4d608a446a1a8043770bb9fd388561b8f99991616747f0b634
 SHA512:
-  metadata.gz: d7eb9157f6279bc33ab656247532e9332160c3a2934c00bbace9684e23397e17300d1346bb874dae2bed24c599aa3685a30166da9735f7adf5529c55122dcc4d
-  data.tar.gz: d975235537cee012fa313562ee517ca34b7143d37ff975dbd3e0ccc4ffb9a3794982ab2871fe477fdedf2ef62ac0cf061e5383d0cdea7dafdbfbdd33144d3772
+  metadata.gz: 39764ecfbf6ff6445b6e2db7e8146192bb0f0a42af6f3974e605e604a923747daeee0dda494af367ad4f361a59c25edf2f8967e18853d3a6fb62b73508861bc9
+  data.tar.gz: ce99699300c02cafb988fd73bc54503838f254448f53771948e49977cfc2f84552240bf54b19808a88d33f91334456ff2bd8f654505daf45bd2c80b4f8da3262

data/CHANGELOG.md

@@ -1,7 +1,12 @@
+# 7.0.0
+* Add support for Ruby 3.3
+* Drop support for Ruby 2.6
+* Update rubocop to ~> 1.61
+
 # 6.0.0
 * Recover code analysis using `TargetRubyVersion` from Ruby 2.0 to 2.4
 * Drop support for Ruby 2.5
-* Update rubocop to 1.32.0
+* Update rubocop to ~> 1.32.0
 
 # 5.0.0
 * Add support for Ruby 3.1

data/config/rubocop-style.yml

@@ -116,7 +116,7 @@ Style/BlockDelimiters:
     - let!
     - subject
     - watch
-  IgnoredMethods:
+  AllowedMethods:
     # Methods that can be either procedural or functional and cannot be
     # categorised from their usage alone, e.g.
     #
@@ -889,7 +889,7 @@ Style/SymbolLiteral:
 Style/SymbolProc:
   Description: Use symbols as procs instead of blocks when possible.
   Enabled: false
-  IgnoredMethods:
+  AllowedMethods:
   - respond_to
 
 Style/TernaryParentheses:

data/lib/rubocop/airbnb/version.rb

@@ -3,6 +3,6 @@
 module RuboCop
   module Airbnb
     # Version information for the the Airbnb RuboCop plugin.
-    VERSION = '6.0.0'
+    VERSION = '7.0.0'
   end
 end

data/lib/rubocop/cop/airbnb/default_scope.rb

@@ -8,9 +8,10 @@ module RuboCop
               'refactor data access patterns since the scope becomes part '\
               'of every query unless explicitly excluded, even when it is '\
               'unnecessary or incidental to the desired logic.'.freeze
+        RESTRICT_ON_SEND = %i(default_scope).freeze
 
         def on_send(node)
-          return unless node.command?(:default_scope)
+          return if node.receiver
 
           add_offense(node)
         end

data/lib/rubocop/cop/airbnb/factory_class_use_string.rb

@@ -6,9 +6,10 @@ module RuboCop
       class FactoryClassUseString < Base
         MSG = 'Instead of :class => MyClass, use :class => "MyClass". ' \
           "This enables faster spec startup time and faster Zeus reload time.".freeze
+        RESTRICT_ON_SEND = %i(factory).freeze
 
         def on_send(node)
-          return unless node.command?(:factory)
+          return if node.receiver
 
           class_pair = class_node(node)
 

data/lib/rubocop/cop/airbnb/mass_assignment_accessible_modifier.rb

@@ -5,11 +5,9 @@ module RuboCop
       # mass assignment. It's a lazy, potentially dangerous approach that should be discouraged.
       class MassAssignmentAccessibleModifier < Base
         MSG = 'Do no override and objects mass assignment restrictions.'.freeze
+        RESTRICT_ON_SEND = %i(accessible=).freeze
 
         def on_send(node)
-          _receiver, method_name, *_args = *node
-
-          return unless method_name == :accessible=
           add_offense(node, message: MSG)
         end
       end

data/lib/rubocop/cop/airbnb/no_timeout.rb

@@ -8,9 +8,14 @@ module RuboCop
           'It can also cause logic errors since it can raise in ' \
           'any callee scope. Use client library timeouts and monitoring to ' \
           'ensure proper timing behavior for web requests.'.freeze
+        RESTRICT_ON_SEND = %i(timeout).freeze
+
+        def_node_matcher :timeout_const?, <<~PATTERN
+          (const {cbase nil?} :Timeout)
+        PATTERN
 
         def on_send(node)
-          return unless node.source.start_with?('Timeout.timeout')
+          return unless timeout_const?(node.receiver)
           add_offense(node, message: MSG)
         end
       end

data/lib/rubocop/cop/airbnb/phrase_bundle_keys.rb

@@ -27,10 +27,11 @@ module RuboCop
       class PhraseBundleKeys < Base
         MESSAGE =
           'Phrase bundle keys should match their translation keys.'.freeze
+        RESTRICT_ON_SEND = %i(t).freeze
 
         def on_send(node)
           parent = node.parent
-          if t_call?(node) && in_phrase_bundle_class?(node) && parent.pair_type?
+          if in_phrase_bundle_class?(node) && parent.pair_type?
             hash_key = parent.children[0]
             unless hash_key.children[0] == node.children[2].children[0]
               add_offense(hash_key, message: MESSAGE)
@@ -57,10 +58,6 @@ module RuboCop
               e.children[1] == :PhraseBundle
           end
         end
-
-        def t_call?(node)
-          node.children[1] == :t
-        end
       end
     end
   end

data/lib/rubocop/cop/airbnb/risky_activerecord_invocation.rb

@@ -3,7 +3,14 @@ module RuboCop
     module Airbnb
       # Disallow ActiveRecord calls that pass interpolated or added strings as an argument.
       class RiskyActiverecordInvocation < Base
-        VULNERABLE_AR_METHODS = [
+        MSG = 'Passing a string computed by interpolation or addition to an ActiveRecord ' \
+              'method is likely to lead to SQL injection. Use hash or parameterized syntax. For ' \
+              'more information, see ' \
+              'http://guides.rubyonrails.org/security.html#sql-injection-countermeasures and ' \
+              'https://rails-sqli.org/rails3. If you have confirmed with Security that this is a ' \
+              'safe usage of this style, disable this alert with ' \
+              '`# rubocop:disable Airbnb/RiskyActiverecordInvocation`.'.freeze
+        RESTRICT_ON_SEND = [
           :delete_all,
           :destroy_all,
           :exists?,
@@ -22,29 +29,15 @@ module RuboCop
           :update_all,
           :where,
         ].freeze
-        MSG = 'Passing a string computed by interpolation or addition to an ActiveRecord ' \
-              'method is likely to lead to SQL injection. Use hash or parameterized syntax. For ' \
-              'more information, see ' \
-              'http://guides.rubyonrails.org/security.html#sql-injection-countermeasures and ' \
-              'https://rails-sqli.org/rails3. If you have confirmed with Security that this is a ' \
-              'safe usage of this style, disable this alert with ' \
-              '`# rubocop:disable Airbnb/RiskyActiverecordInvocation`.'.freeze
         def on_send(node)
-          receiver, method_name, *_args = *node
-
-          return if receiver.nil?
-          return unless vulnerable_ar_method?(method_name)
-          if !includes_interpolation?(_args) && !includes_sum?(_args)
+          return if node.receiver.nil?
+          if !includes_interpolation?(node.arguments) && !includes_sum?(node.arguments)
             return
           end
 
           add_offense(node)
         end
 
-        def vulnerable_ar_method?(method)
-          VULNERABLE_AR_METHODS.include?(method)
-        end
-
         # Return true if the first arg is a :dstr that has non-:str components
         def includes_interpolation?(args)
           !args.first.nil? &&

data/lib/rubocop/cop/airbnb/rspec_environment_modification.rb

@@ -40,6 +40,7 @@ module RuboCop
         def_node_matcher :rails_env_assignment, '(send (const nil? :Rails) :env= ...)'
 
         MESSAGE = "Do not stub or set Rails.env in specs. Use the `stub_env` method instead".freeze
+        RESTRICT_ON_SEND = %i(to stub env=).freeze
 
         def on_send(node)
           path = node.source_range.source_buffer.name

data/lib/rubocop/cop/airbnb/unsafe_yaml_marshal.rb

@@ -6,35 +6,34 @@ module RuboCop
         MSG = 'Using unsafe YAML parsing methods on untrusted input can lead ' \
               'to remote code execution. Use `safe_load`, `parse`, `parse_file`, or ' \
               '`parse_stream` instead'.freeze
+        RESTRICT_ON_SEND = %i(load load_documents load_file load_stream).freeze
 
         def on_send(node)
-          receiver, method_name, *_args = *node
+          return if node.receiver.nil?
+          return unless node.receiver.const_type?
 
-          return if receiver.nil?
-          return unless receiver.const_type?
-
-          check_yaml(node, receiver, method_name, *_args)
-          check_marshal(node, receiver, method_name, *_args)
+          check_yaml(node)
+          check_marshal(node)
         rescue => e
           puts e
           puts e.backtrace
           raise
         end
 
-        def check_yaml(node, receiver, method_name, *_args)
-          return unless ['YAML', 'Psych'].include?(receiver.const_name)
-          return unless [:load, :load_documents, :load_file, :load_stream].include?(method_name)
+        def check_yaml(node)
+          const_name = node.receiver.const_name
+          return unless ['YAML', 'Psych'].include?(const_name)
 
-          message = "Using `#{receiver.const_name}.#{method_name}` on untrusted input can lead " \
+          message = "Using `#{const_name}.#{node.method_name}` on untrusted input can lead " \
             "to remote code execution. Use `safe_load`, `parse`, `parse_file`, or " \
             "`parse_stream` instead"
 
           add_offense(node, message: message)
         end
 
-        def check_marshal(node, receiver, method_name, *_args)
-          return unless receiver.const_name == 'Marshal'
-          return unless method_name == :load
+        def check_marshal(node)
+          return unless node.receiver.const_name == 'Marshal'
+          return unless node.method?(:load)
 
           message = 'Using `Marshal.load` on untrusted input can lead to remote code execution. ' \
             'Restructure your code to not use Marshal'

data/rubocop-airbnb.gemspec

@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
   spec.license = 'MIT'
   spec.version = RuboCop::Airbnb::VERSION
   spec.platform = Gem::Platform::RUBY
-  spec.required_ruby_version = '>= 2.5'
+  spec.required_ruby_version = '>= 2.7'
 
   spec.require_paths = ['lib']
   spec.files = Dir[
@@ -25,9 +25,9 @@ Gem::Specification.new do |spec|
     'Gemfile',
   ]
 
-  spec.add_dependency('rubocop', '~> 1.32.0')
-  spec.add_dependency('rubocop-performance', '~> 1.10.2')
-  spec.add_dependency('rubocop-rails', '~> 2.9.1')
-  spec.add_dependency('rubocop-rspec', '~> 2.0.0')
+  spec.add_dependency('rubocop', '~> 1.61')
+  spec.add_dependency('rubocop-performance', '~> 1.20')
+  spec.add_dependency('rubocop-rails', '~> 2.24')
+  spec.add_dependency('rubocop-rspec', '~> 2.26')
   spec.add_development_dependency('rspec', '~> 3.5')
 end

data/spec/rubocop/cop/airbnb/no_timeout_spec.rb

@@ -11,6 +11,17 @@ describe RuboCop::Cop::Airbnb::NoTimeout, :config do
       RUBY
     end
 
+    it 'rejects ::Timeout.timeout' do
+      expect_offense(<<~RUBY)
+        def some_method(a)
+          ::Timeout.timeout(5) do
+          ^^^^^^^^^^^^^^^^^^^^ Do not use Timeout.timeout. [...]
+            some_other_method(a)
+          end
+        end
+      RUBY
+    end
+
     it 'accepts foo.timeout' do
       expect_no_offenses(<<~RUBY)
         def some_method(a)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-airbnb
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 7.0.0
 platform: ruby
 authors:
 - Airbnb Engineering
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-28 00:00:00.000000000 Z
+date: 2024-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -16,56 +16,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.32.0
+        version: '1.61'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.32.0
+        version: '1.61'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: '1.20'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.2
+        version: '1.20'
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: '2.24'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.9.1
+        version: '2.24'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.26'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '2.26'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -163,7 +163,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="